External Resources

Regulatory Research Hub

A curated collection of official data protection and cybersecurity sources from EU institutions, national regulators, and government bodies. We maintain this library to help privacy and security professionals quickly find authoritative guidance.

All links point to official external sources. Acompli is not affiliated with these organisations.

Popular Starting Points

Data Protection

DPC GuidanceIrish DPC

UK GDPRICO

GDPR Full TextEUR-Lex

EDPB GuidelinesEDPB

SCCsEC

Cybersecurity

NCSC GuidanceNCSC IE

10 StepsNCSC UK

NIST CSFNIST

Irish DPC

Ireland — Data Protection Commission

Official guidance and legislation from the Irish supervisory authority and statute book.

DPC Guidance

DPC Guidance HubDPC

Browse all official DPC guidance by topic.

Breach NotificationDPC

How to report data breaches to the DPC.

Cookies & Tracking GuidanceDPC

Consent requirements for cookies and tracking technologies.

Cookies FAQsDPC

Common questions about cookie compliance.

DPIAsDPC

When and how to conduct Data Protection Impact Assessments.

DSARs & Transfers

DSAR FAQDPC

Handling data subject access requests.

International TransfersDPC

DPC guidance on Chapter V GDPR transfers.

Irish Legislation

Data Protection Act 2018 (Enacted)ISB

The Irish Act as originally enacted.

Data Protection Act 2018 (Revised)ISB

Current version reflecting amendments.

S.I. 336/2011 — ePrivacy RegulationsISB

Irish implementation of the ePrivacy Directive.

Legislation OverviewDPC

DPC index of applicable data protection law.

UK ICO

United Kingdom — ICO & PECR

Guidance from the UK Information Commissioner's Office and UK legislation, including PECR for cookies and electronic marketing.

UK GDPR & Data Protection

GOV.UK Data Protection OverviewGOV.UK

UK government overview of UK GDPR and DPA 2018.

ICO UK GDPR HubICO

Central hub for UK GDPR guidance.

ICO DPIA GuidanceICO

Detailed practical guidance on DPIAs.

Data Protection Act 2018legislation.gov.uk

Official UK legislation text.

PECR (Cookies & Electronic Marketing)

PECR Full Textlegislation.gov.uk

Privacy and Electronic Communications Regulations 2003.

PECR Regulation 22legislation.gov.uk

The specific rule on unsolicited electronic marketing.

ICO Cookies GuideICO

Practical guidance on cookie consent and exemptions.

Electronic Mail Marketing GuideICO

Rules for email, SMS, and similar marketing channels.

Direct Marketing GuidanceICO

Detailed compliance guidance for electronic campaigns.

EUR-Lex

EU Primary Legislation

The official legal texts as published in the Official Journal of the European Union.

GDPR (Regulation 2016/679)

Consolidated GDPR TextEUR-Lex

The full Regulation in consolidated, readable format.

Official Journal RecordEUR-Lex

The formal OJ publication reference for citation purposes.

ePrivacy Directive (2002/58/EC)

Consolidated ePrivacy TextEUR-Lex

EU rules on electronic communications privacy, including the cookie consent requirement (Article 5(3)).

Official Journal RecordEUR-Lex

The formal OJ publication reference.

European Commission

Policy & International Transfers

Official Commission materials on data protection policy and cross-border transfer mechanisms.

Data Protection Policy

Data Protection HubEC

The Commission's central page for EU data protection policy.

Data Protection ExplainedEC

Plain-language explainer of core GDPR concepts.

Legal Framework OverviewEC

How GDPR fits alongside related EU instruments.

International Transfers (Chapter V)

International Transfers HubEC

Index page for transfer mechanisms, adequacy, and EU–US topics.

Adequacy DecisionsEC

Which countries have adequacy status and how it's assessed.

Standard Contractual Clauses (SCCs)EC

Official SCC information and when to use them.

SCCs Q&AEC

How SCCs work in practice.

SCCs Implementing Decision 2021/914EUR-Lex

The legal instrument adopting the modernised SCCs.

EDPB

European Data Protection Board

The EU-level body responsible for consistent GDPR interpretation across all EU/EEA supervisory authorities.

Guidance & Publications

EDPB HomepageEDPB

Main site for the European Data Protection Board.

Guidelines & RecommendationsEDPB

Official guidance clarifying GDPR interpretation.

Documents LibraryEDPB

Search all EDPB publications (guidelines, opinions, statements).

SME Data Protection GuideEDPB

Practical guidance designed for smaller organisations.

ePrivacy & Cookies

Cookie Banner Taskforce ReportEDPB

Findings on common cookie banner issues and enforcement alignment.

Article 5(3) Technical Scope GuidelinesEDPB (PDF)

What tracking techniques fall under the cookie rule.

ePrivacy PublicationsEDPB

All EDPB documents tagged as ePrivacy.

Registers & Directory

Article 60 Decisions RegisterEDPB

Final One-Stop-Shop decisions for cross-border cases.

National DPAs DirectoryEDPB

Official supervisory authority for each EU/EEA country.

EDPS

European Data Protection Supervisor

The regulator for EU institutions and bodies. Useful for governance and public-sector comparisons.

EDPS GuidelinesEDPS

Official guidance for EU institutions and bodies.

Complaints OverviewEDPS

How complaints to the EDPS work.

Regulation 2018/1725EUR-Lex

Data protection rules for EU institutions (EDPS supervises this).

Your Europe

EU Business Portals

Practical guidance portals maintained by the EU for businesses operating in the single market.

Your Europe — Data Protection for BusinessesYour Europe

Practical EU portal for businesses on GDPR compliance.

Cybersecurity

Cybersecurity Frameworks & Guidance

Official cybersecurity law, regulator guidance, and practical frameworks from EU, Irish, UK, and US government sources.

NCSC Ireland

Ireland — National Cyber Security Centre

Official guidance, incident reporting, and frameworks from Ireland's national cybersecurity authority.

Guidance & Frameworks

NCSC Guidance HubNCSC IE

Official published guidance and templates for organisations.

Cyber Fundamentals Framework (CyFun)NCSC IE

Risk-based cybersecurity framework for maturity and NIS2-aligned measures.

NIS2 Information HubNCSC IE

Ireland's NIS2 updates, FAQs, and implementation materials.

S.I. 360/2018 — NIS RegulationsISB

Irish statutory instrument implementing NIS obligations.

Incident Response & Threats

Incident ReportingNCSC IE

How to report cyber security incidents to the Irish NCSC.

Quick Guide: RansomwareNCSC IE (PDF)

Defensive measures and 'break the chain' guidance.

Quick Guide: PhishingNCSC IE (PDF)

Phishing recognition and mitigations.

National Cyber Emergency PlanNCSC IE (PDF)

National-level cyber emergency planning and coordination.

NCSC UK

United Kingdom — National Cyber Security Centre

Guidance and frameworks from the UK's national cybersecurity authority, including Cyber Essentials.

Frameworks & Baselines

10 Steps to Cyber SecurityNCSC UK

Government-backed framework for organisational cyber risk management.

Cyber EssentialsNCSC UK

Minimum cyber security standard for organisations of all sizes.

Cyber Essentials Scheme OverviewGOV.UK

Government guidance on the Cyber Essentials certification scheme.

NIS Regulations 2018legislation.gov.uk

UK's Network and Information Systems Regulations legal text.

Incident Response & Threats

Incident ManagementNCSC UK

Building and maintaining effective cyber incident response.

Mitigating Malware & RansomwareNCSC UK

Controls for preventing and recovering from ransomware.

Phishing GuidanceNCSC UK

Improving organisational resilience against phishing.

Supply Chain SecurityNCSC UK

Assessing suppliers and managing supply-chain cyber risk.

Report PhishingGOV.UK

Official UK reporting channels for suspicious emails and texts.

EU Cybersecurity

EU Cybersecurity Law & ENISA

EU-wide cybersecurity legislation and guidance from the EU Agency for Cybersecurity.

EU Cybersecurity Law

NIS2 Directive (EU) 2022/2555EUR-Lex

EU-wide cybersecurity obligations for essential and important entities.

NIS2 Technical Requirements (2024/2690)EUR-Lex

Detailed technical measures and significant incident criteria.

EU Cybersecurity Act (2019/881)EUR-Lex

ENISA mandate and EU cybersecurity certification framework.

Cyber Resilience Act (2024/2847)EUR-Lex

Product security requirements for connected hardware/software.

ENISA Guidance & Threat Intelligence

ENISA Publications HubENISA

Central catalogue of guidance, reports, and sector materials.

NIS2 Implementation GuidanceENISA

Practical support for NIS2 cybersecurity risk management.

Threat Landscape HubENISA

Entry point for ENISA threat landscape content.

ENISA Threat Landscape 2025ENISA

Latest annual threat landscape report.

EU Cybersecurity CertificationENISA

Portal for EU cybersecurity certification schemes.

CERT-EUCERT-EU

Cyber incident coordination for EU institutions and agencies.

US Government

United States — NIST & CISA

Widely-used US government cybersecurity frameworks and threat resources.

NIST Frameworks

NIST Cybersecurity FrameworkNIST

Official landing page for CSF and supporting resources.

NIST CSF 2.0NIST (PDF)

The CSF 2.0 publication (NIST CSWP 29).

NIST SP 800-53 Rev. 5NIST

Security and privacy controls catalogue for assurance programmes.

CISA Resources

StopRansomwareCISA

US government hub for ransomware prevention and response.

Ransomware GuideCISA

Practical guide for reducing ransomware impact.

Known Exploited Vulnerabilities (KEV)CISA

Catalogue of actively exploited vulnerabilities for patch prioritisation.

About this page: This is a curated list of external official resources maintained by Acompli to support privacy and security professionals in their research. All links point to EU institutions, national regulators, or government sources. We are not affiliated with these organisations and do not control their content. Links are checked periodically but may change — if you find a broken link, please let us know.